LOG MANAGEMENT WITH OPEN SOURCE TOOLS
Emre Gül1*, Ercan Nurcan Yılmaz2
1 Gazi University, Ankara, Turkey
2 Gazi University, Ankara, Turkey
* Corresponding author: enyilmaz@gazi.edu.tr
Presented at the 3rd International Symposium on Innovative Approaches in Scientific Studies (Engineering and Natural Sciences) (ISAS2019-ENS), Ankara, Turkey, Apr 19, 2019
SETSCI Conference Proceedings, 2019, 4, Page (s): 164-171 , https://doi.org/
Published Date: 01 June 2019
Abstract
In every information technology system and in the applications running on it, the transactions performed by users and system administrators are recorded in accordance with legal regulations and corporate policies. These records, one of the basic and most important components of cyber security, are called "logs". Knowing the log management processes has become imperative, because they are critical to the confidentiality, integrity and accessibility of information. Systems and applications produce logs continuously and in high volume; to analyze these logs and make sense of them, log management software should be used. Vulnerabilities and intrusion attempts can be detected using the capabilities of such software, and the relevant system administrator can be informed through automatic alerts so that measures can be taken against these attacks. The purpose of this study is to explain log management processes and to show how logs can be used to identify attacks against systems at an early stage. Graylog is chosen as the log management tool because of its high performance, fast indexing and free availability.
Keywords - Graylog, SIEM, Log Management, Log Analysis
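The abstract describes the core idea of the study: collecting logs centrally and using automatic alerts to detect intrusion attempts early. The following is an added, self-contained example (not code from the paper and not Graylog's own alerting engine) that shows the kind of rule a log management tool evaluates: it parses constructed syslog-style sshd lines, counts failed logins per source address inside a sliding time window, and raises an alert when the count reaches a threshold, plus a second alert if a source that was already flagged later logs in successfully. The log lines, hostnames and addresses are constructed for the example; the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in classic syslog/sshd format (not taken from the paper).
SAMPLE_LOG = """\
Apr 19 10:00:01 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Apr 19 10:00:03 srv1 sshd[1202]: Failed password for root from 203.0.113.7 port 51023 ssh2
Apr 19 10:00:05 srv1 sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Apr 19 10:00:06 srv1 sshd[1204]: Failed password for root from 203.0.113.7 port 51025 ssh2
Apr 19 10:00:09 srv1 sshd[1205]: Accepted password for root from 203.0.113.7 port 51026 ssh2
Apr 19 10:01:10 srv1 sshd[1210]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Apr 19 10:03:30 srv1 sshd[1211]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
Apr 19 10:05:00 srv1 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Generic syslog envelope: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# sshd authentication outcome; "invalid user" is an optional prefix on failures
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2019):
    """Split one syslog line into fields; returns None for lines that do not match.
    Classic syslog omits the year, so it is supplied by the caller (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def extract_auth_event(rec):
    """Turn an sshd record into an authentication event, or None if it is not one."""
    if rec["prog"] != "sshd":
        return None
    m = AUTH_RE.match(rec["msg"])
    if not m:
        return None
    return {"ts": rec["ts"], "src": m["src"], "user": m["user"], "result": m["result"]}


def detect_bruteforce(log_text, threshold=3, window_seconds=60):
    """Sliding-window rule: alert once per source when `threshold` failures fall
    within `window_seconds`; also alert if an already-flagged source later succeeds,
    which is the case an administrator most needs to see."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ev = extract_auth_event(rec)
        if ev is not None:
            events.append(ev)
    events.sort(key=lambda e: e["ts"])  # logs may arrive out of order

    failures = defaultdict(deque)  # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for ev in events:
        q = failures[ev["src"]]
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:  # drop failures outside the window
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append({"type": "brute_force", "src": ev["src"],
                               "count": len(q), "ts": ev["ts"]})
        elif ev["src"] in alerted:
            alerts.append({"type": "success_after_brute_force", "src": ev["src"],
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(a)
```

In a deployment the same two conditions would be expressed as alert rules over a centralized stream rather than as a script, but the logic is identical: normalize the line into fields, aggregate per source over a time window, and notify on the threshold. Note that the single failure from 198.51.100.20 followed by a key-based login produces no alert, which keeps the rule from paging on ordinary typos.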